[Remote] Application Security Analyst

Remote Full-time
Note: This is a remote job open to candidates in the USA. HealthStream is the leader in healthcare workforce solutions, dedicated to enhancing the quality of healthcare by empowering the people who deliver care. They are seeking an Application Security Analyst to support and execute the application security program, focusing on identifying and remediating security vulnerabilities across software products and cloud environments while collaborating with various teams to embed security practices into the software development lifecycle.

Responsibilities
You will be responsible for adhering to all HealthStream security policies, procedures, and assigned training
Operate and manage automated application security testing tools, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST)
Triage, validate, and prioritize vulnerability findings from security scans, penetration tests, and bug reports, working with development teams to track remediation to closure
Conduct or support manual security assessments and penetration testing of web applications, APIs, and mobile applications
Produce clear, actionable vulnerability reports with risk ratings and remediation guidance for development teams
Manage and maintain vulnerability findings within the Snyk, Invicti and SonarQube or equivalent vulnerability management platform
Support the integration of security into CI/CD pipelines and DevSecOps workflows, including automated security gate checks
Participate in design and architecture reviews with a security lens, helping identify potential risks early in the development process
Assist in threat modeling exercises for new features and systems under the guidance of the AppSec Architect
Perform security-focused code reviews and provide developers with clear, constructive feedback and guidance
Contribute to the maintenance of a secure code library and reusable security patterns for development teams
Support the management and configuration of application security tools such as Snyk, Invicti, SonarQube and DefectDojo
Assist in implementing and monitoring security controls for cloud-based environments, including AWS and Azure
Evaluate and test emerging security tools and contribute recommendations to the AppSec team
Support API security testing and assist in securing third-party and open-source integrations
Collaborate with cross-functional teams including Engineering, DevOps, and Product to promote security best practices and a shift-left mindset
Deliver security awareness content and assist in conducting security training sessions for development staff
Stay current on emerging security threats, vulnerabilities (CVEs), and attack techniques, sharing relevant intelligence with the team
Assist in maintaining security documentation, standards, runbooks, and internal knowledge base articles
Support compliance-related activities, including evidence gathering for audits related to HIPAA, SOC 2, HITRUST or other applicable frameworks. FedRAMP experience is a plus
Other duties as assigned

Skills
Bachelor's degree in Information Security, Computer Science, Software Engineering, or a related field. Equivalent practical experience will be considered
2 to 4 years of experience in application security, information security, or software development with a security focus
Working knowledge of the OWASP Top 10, common web application vulnerabilities, and secure coding principles
Hands-on experience with application security testing tools such as SAST, DAST, or IAST (e.g., Snyk, Invicti, Checkmarx, SonarQube, Burp Suite, or similar)
Familiarity with cloud security concepts and hands-on exposure to AWS or Azure environments
Understanding of CI/CD pipelines and experience integrating security checks into DevOps workflows
Experience with API security testing and a solid understanding of RESTful service security
Proficiency in at least one scripting or programming language such as Python, JavaScript, Java, or Go for automation and security tooling purposes
Strong analytical and problem-solving skills with attention to detail
Excellent written and verbal communication skills, with the ability to explain security concepts to both technical and non-technical audiences
Ability to manage multiple tasks and vulnerabilities simultaneously, prioritizing effectively in a fast-paced environment
Relevant security certifications such as CompTIA Security+, CEH (Certified Ethical Hacker), GWAPT, eWPT, or equivalent
Experience using vulnerability management platforms such as Snyk, Invicti, or similar
Familiarity with security frameworks and standards including OWASP SAMM, NIST, or CIS Controls
Exposure to healthcare industry security and privacy regulations, including HIPAA
Experience with secure methods of integration with third-party platforms and open-source components
Participation in bug bounty programs, Capture the Flag (CTF) competitions, or open-source security research
Awareness of AI/ML security trends and their implications for application security
Experience with Identity and Access Management (IAM) security concepts and OAuth/OpenID Connect

Benefits
Medical, Dental and Vision insurance
Paid Time Off
Parental Leave
401k and Roth
Flexible Spending Account
Health Savings Account
Life Insurance
Short- and Long-Term Disability
Medical Bridge Insurance
Critical Illness Insurance
Accident Insurance
Identity Protection
Legal Protection
Pet Insurance
Employee Assistance Program
Fitness Reimbursement
Competitive Compensation & Bonuses
Comprehensive Insurance Plans
Mental and Physical Health Support
Work-from-home flexibility
Fitness Center Reimbursements
Streaming Good time off for volunteering
Wellness workshops
Buddy Program for new HealthStreamers
Collaborative work environment
Career growth opportunities
Continuous learning opportunities
Inspiring workspaces to collaborate and connect with other HealthStreamers
Free employee parking at our Resource Centers in Nashville and San Diego
Flexibility and paid time off to support work-life integration for all employees, including a hybrid work environment and Streaming Good volunteer day
Company-sponsored onsite social events for development, connection, and celebration

Company Overview
HealthStream is a HealthTech company that provides training, credentialing, and workforce management software for healthcare organisations. It was founded in 1990, and is headquartered in Nashville, Tennessee, USA, with a workforce of 501-1000 employees. Its website is http://www.healthstream.com.

Company H1B Sponsorship
HealthStream has a track record of offering H1B sponsorships, with 1 in 2026, 35 in 2025, 28 in 2024, 18 in 2023, 49 in 2022, 22 in 2021, 23 in 2020. Please note that this does not guarantee sponsorship for this specific role.
